this post was submitted on 12 Jun 2023
168 points (98.8% liked)


All this new excitement with Lemmy and federation has got me thinking that maybe I should learn to run my own instance. What always comes up though is how email is the original federated technology.

I am looking at Proxmox and see that it has a built-in email server, so now I am wondering if it is time to roll my own.

I stopped using gmail a long time ago, and right now I use ProtonMail, but I am super frustrated with the dumb limitation of only having a single account for the app. I get why they do it, and I am willing to pay, but it is pricey and I don't know if that is my best option. I guess it is worth it since ProtonVPN is included. It looks like they are expanding their suite.

Is it worth it? Can I make it secure? Is it stupid to run it off a local computer on my home network?

[–] bassomitron 15 points 1 year ago* (last edited 1 year ago) (3 children)

Obligatory PSA: ProtonMail isn't any more secure than Gmail and is likely a honeypot scheme crafted by government agencies: https://encryp.ch/blog/disturbing-facts-about-protonmail/

I know the title of that sounds clickbaity, but they cite their sources. It's worth the read for those curious about ProtonMail's history and their CEOs.

[–] linearchaos 8 points 1 year ago (1 children)

Tbh, that document reads like a discovery channel 2am aliens documentary, but it's not completely without merit.

There are a couple line items about software services they're using that are shitty that sound pretty legit. The fact that they're operating in locations where they might have to hand over data sounds pretty legit. Their warrant compliance and logging/handing over a person's IP address is legit.

The CIA honeypot stuff is all really circumstantial. If the CIA was in as deep as is claimed, a lot of the real evidence people are turning up that they're not as secure as they could be would be unnecessary.

My best guess is they decided to make an email company based in Switzerland with the schtick that they're secure (banks amirite?). They're doing what they can to appear secure without spending too much money. They're not going to have legal battles to keep your data private, and they are going to comply with agencies' requests for data. Even if they support end-to-end encryption, if they are required by an agency to turn that encryption off for you, they're going to do it.

They're probably less likely than Google or Microsoft to sell all of your data to the highest bidder, but realistically there's no such thing as secure email.

[–] [email protected] 8 points 1 year ago (1 children)

The basic assumption every privacy-concerned person should have about email is that it's never secure. Unless you use an offline cryptography program to encrypt your email text and then paste it into the email body before you send it, your emails are insecure.

Email was never designed with that in mind. If you want to communicate securely with somebody, use a medium/method that has been designed from the start for that purpose.

I use ProtonMail because it's not a massive corpo and it's open source, but I don't believe that my emails are significantly more secure than on a service like Exchange or Gmail.

[–] [email protected] 3 points 1 year ago (1 children)

This has been my thinking about ProtonMail, even after reading the article on here, and even after reading https://digdeeper.club/articles/email.xhtml (which I have to reread because it keeps getting bigger).

There is no perfect solution, just different levels of trust. That is right, if I want to be "secure" I got to act like a journalist and use a temporary solution or something that has end-to-end encryption.

Besides, email is meant for public communication. No reason to elevate it into something it will never be.

[–] [email protected] 3 points 1 year ago (1 children)

Yeah. In my experience, you have to be careful in the world of tech privacy/FOSS to not fall off a cliff to the extremes.

You can always find reasons to not trust some piece of tech hardware or software. It's all too complex and multifaceted to fully vet, and even when you can do that, there isn't anything that isn't touched in some way by mega-corps or glowie agencies.

Tor was developed by the US gov, same with the ancestor of the internet. Your network traffic runs on mega-corp wires, through mega-corp servers. Your hardware is developed, built, and distributed by mega-corps, as is most of the firmware and microcode in them.

Even Richard Stallman, one of the most hardcore Free Software advocates, has concessions he makes for firmware, microcode, and so forth.

The only way to be truly and completely secure tech-wise is to pull a Ted K. and go run into the woods and live in a little cabin, disown any tech built after the turn of the century lol.

It's "all or something," not "all or nothing." Determine your threat model, your ethical bounds, and let those principles guide you. I think fundamentally what all FOSS folks have in common is the idea that the tech you use should serve your needs and desires, not the needs/desires of billion dollar mega-corps farming you as a product.

[–] [email protected] 3 points 1 year ago (1 children)

This is the most sane perspective I have read. For sure it is important to have solid principles and do the right things whenever possible, but no one gets to demand changes for something they never contributed to, especially not those things that took a massive amount of money and human power to build. We are all standing on the shoulders of giants, and it is insane to think we can be Ratatouille, controlling them for our benefit.

The only way to change governments and mega-corps is to make it unprofitable when they do the things we don't like, or make it so doing the right thing makes them lots of money.

Thanks for this, it is the reality check I need to make good decisions. Even if I do become the Unidumbass, the people I love would never follow me into that lifestyle.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

I actually have a formal methodology for how I engage with software/hardware from a FOSS perspective:

Embrace, Subvert, Accept.

For any task I do currently or want to do, I apply this process:

I first try to find and use any FOSS software/hardware that does that thing well enough to use entirely. (Embrace)

If there isn't a FOSS solution that exists or does essential things I need, then I use a proprietary technology in a subversive way to do it. So cracked copies, jailbroken or otherwise hacked hardware, or using the proprietary service through an unofficial/unapproved 3rd party app. (Subvert)

If I can't do that either, but the task/need is absolutely critical, only then do I accept using proprietary and unmodified software/hardware. (Accept)

This method has worked pretty great for me. Now about 3 years after starting my FOSS journey, I have almost no software/hardware I use that is in that third category. Basically everything I use is FOSS, hacked, cracked, modded, or runs on platforms that are, and I enjoy tech and computing more than I ever have :)

[–] [email protected] 3 points 1 year ago (1 children)

This is a good method. It is our duty to do everything we can to live by our principles, and be careful about the compromises we make. The more I go deep into FOSS, the more I discover. So much exists, it just takes some work on our part to fit it to our needs. Programming competency does not have to be high, just enough to fix any compile errors.

[–] [email protected] 2 points 1 year ago (1 children)

For sure! Yeah FOSS is an endless well of cool stuff, you can go infinitely deep lol.

[–] [email protected] 2 points 1 year ago (1 children)

I am the most comfortable in rabbit holes.

[–] [email protected] 2 points 1 year ago
[–] BoneALisa 2 points 1 year ago

What's the saying? If you can't tell if it's ignorance or malice, it's probably the former?

However, with all of these points, even if it is ignorance, the lying about encryption (even though I don't really use it) is upsetting. That plus the other lies I've seen them pull is enough to make me consider switching to something else.

Got any recs? Lol

[–] [email protected] 1 points 1 year ago

Fascinating read. I have a lot to research. It is not like ProtonMail is the only alternative provider... there are so many, I just like all the extras that they are attaching to it.